# Code Review

Tutorial · Beginner · 7 min read · Verified Mar 8, 2026

Use Codex to review code before committing or merging. Covers the /review slash command, GitHub integration, and building custom CI/CD reviews.

Tags: codex, code-review, github, ci-cd, quality

Codex includes a dedicated code review agent that reads diffs and reports prioritized, actionable findings. You can use it in the CLI, IDE, GitHub, or as part of a custom CI/CD pipeline.

## Using /review in CLI and IDE

The /review slash command launches a review within your active Codex session.

### Review Options

Type /review and select from:

| Option | What It Reviews |
|--------|-----------------|
| Review uncommitted changes | Staged, unstaged, and untracked files |
| Review a specific commit | The exact changeset for a chosen SHA |
| Custom review instructions | Your own criteria (e.g., "Focus on security") |

### Example Workflow

```bash
# 1. Make your changes
git add -A

# 2. Open Codex
codex

# 3. Type /review and select "Review uncommitted changes"

# 4. Codex analyzes your diff and reports:
#    - P0: Critical bugs or security issues
#    - P1: Logic errors, missing edge cases
#    - P2: Style issues, potential improvements
```

Each review run shows up as its own turn in the transcript, so you can rerun reviews as the code evolves and compare feedback across iterations.

### The Review Pane

In the IDE extension and desktop app, the review pane provides a visual diff experience:

  • Inline comments from the review appear directly on changed lines
  • Git actions let you stage, unstage, or revert changes
  • Scope switching — View all branch changes, just the last turn, or staged vs unstaged

### Custom Review Model

By default, /review uses the current session model. You can set a specific review model in `config.toml`:

```toml
review_model = "gpt-5.3-codex"
```

## GitHub Integration

Set up automated PR reviews directly in GitHub.

### Setup

  1. Connect your GitHub account in Codex settings
  2. Enable "Code review" for your repository
  3. Codex automatically reviews PRs when they move from draft to ready

### Triggering Reviews

  • Automatic: Codex reviews PRs as they become ready for review
  • Manual: Comment `@codex review` on any PR
  • Focused: `@codex review for security vulnerabilities`

### How It Works

  1. Codex reads the PR diff and searches for AGENTS.md files
  2. It applies review guidelines from the closest AGENTS.md to each changed file
  3. It posts findings as a standard GitHub code review
  4. On GitHub, Codex only flags P0 (critical) and P1 (important) issues

**Tip:** To have Codex catch lower-priority issues like documentation typos, add a rule to your AGENTS.md: "In review, treat documentation typos as P1 issues."

### Fixing Issues In-Thread

If Codex recommends edits, you can stay in the same PR thread and ask it to implement them. Commenting anything other than "review" (e.g., `@codex fix the type error on line 42`) starts a cloud task using the PR as context.

## Building Custom CI/CD Reviews

For teams with on-premise code or non-GitHub SCM, you can build code review into your pipeline using `codex exec`:

```bash
# In your CI pipeline
codex exec --json "Review this diff for bugs and security issues. \
Focus on: SQL injection, XSS, authentication bypasses, \
and missing input validation." \
  | jq '.message'
```
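As an added example (not from the Codex docs or the codex CLI project), the following script wraps the `codex exec` call above in a CI gate: it embeds the diff against the base branch in the prompt, asks for the P0/P1/P2 prefixes the /review workflow uses, and fails the job when any P0 or P1 finding comes back. `CODEX_BIN`, `BASE_REF`, `build_prompt`, `count_blocking_findings` and `review_gate` are this example's own names, and the sample review text is constructed; like the snippet above, it assumes the review text is reachable through `jq '.message'`.

```shell
#!/bin/sh
# Added example, not part of the Codex docs: a CI gate that sends the diff
# against the base branch to `codex exec --json` and fails the job when the
# review reports P0 or P1 findings (the priority labels /review uses).
# Assumptions (hypothetical): CODEX_BIN and BASE_REF are this script's own
# knobs, and the review text is reached via `jq -r '.message'` as in the doc.

CODEX_BIN="${CODEX_BIN:-codex}"
BASE_REF="${BASE_REF:-origin/main}"

# Build the review prompt with the diff embedded so the agent reviews exactly
# the change set the CI job checked out, and ask for P0/P1/P2 prefixes so the
# result is machine-checkable.
build_prompt() {
  printf '%s\n\n%s\n' \
    "Review this diff for bugs and security issues. Focus on: SQL injection, XSS, authentication bypasses, and missing input validation. Prefix every finding with P0 (critical), P1 (important) or P2 (minor)." \
    "$1"
}

# Count findings at P0 or P1 in a review text. A finding line looks like
# "- P0: ..." or "P1: ..."; P2 lines and free prose are not counted.
count_blocking_findings() {
  printf '%s\n' "$1" | grep -c -E '^[[:space:]]*(-[[:space:]]*)?P[01]([^0-9]|$)' || true
}

# The real gate: diff against BASE_REF, ask Codex, fail on blocking findings.
review_gate() {
  diff_text="$(git diff "$BASE_REF"...HEAD)"
  if [ -z "$diff_text" ]; then
    echo "review gate: no changes to review"
    return 0
  fi
  review="$("$CODEX_BIN" exec --json "$(build_prompt "$diff_text")" | jq -r '.message')"
  printf '%s\n' "$review"
  blocking="$(count_blocking_findings "$review")"
  if [ "$blocking" -gt 0 ]; then
    echo "review gate: FAILED, $blocking blocking (P0/P1) finding(s)" >&2
    return 1
  fi
  echo "review gate: passed"
}

# Constructed sample review output (not real Codex output) used by the
# offline demo below, so the gate logic can be exercised without an API key.
SAMPLE_REVIEW='Findings:
- P0: user-supplied "id" is concatenated into the SQL query in list_orders()
- P2: rename tmp to order_rows for readability
- P1: missing null check before dereferencing session.user'

if [ "${1:-}" = "run" ]; then
  review_gate
else
  blocking="$(count_blocking_findings "$SAMPLE_REVIEW")"
  echo "demo: $blocking blocking finding(s) in the constructed sample review"
fi
```

Invoke it with `run` inside the pipeline, after a checkout that has fetched the base branch; with no argument it only exercises the counting logic against the constructed sample, which is a cheap way to check the parsing before spending API calls. The gate mirrors the GitHub integration's behaviour: P2 items are printed for the author but never block the merge.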

### GitHub Action

Use the official Codex GitHub Action for CI/CD reviews:

```yaml
- uses: openai/codex-action@v1
  with:
    codex-api-key: ${{ secrets.OPENAI_API_KEY }}
    prompt: "Review the changes in this PR for correctness and security"
```

**Info:** For CI/CD code reviews, OpenAI recommends using gpt-5.2-codex for the strongest accuracy and consistency.

## Review Quality

Codex code review consistently catches:

  • Logical errors and race conditions
  • Security vulnerabilities (injection, XSS, auth bypasses)
  • Missing edge cases and error handling
  • Test gaps — identifies untested code paths

On terminal-based debugging tasks, GPT-5.3-Codex outperforms other models in catching subtle bugs.

## Next Steps